sneak/dnswatcher
1
0
Fork 0
Code Issues 3 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

TLS cert key collision: duplicate checks for shared IP + SNI targets #56

New Issue
Closed
opened 2026-03-01 23:23:52 +01:00 by clawbot · 1 comment
clawbot commented 2026-03-01 23:23:52 +01:00
Collaborator
Copy Link

Cert state key is ip:port:hostname. If the same IP serves different certs for different SNI hostnames (SNI routing), this works. But if two configured hostnames share the same IP AND the same SNI target (e.g. CNAME to CDN), we get duplicate checks.

Minor inefficiency, not a correctness bug.

Ref: issue #5 item 4

Cert state key is `ip:port:hostname`. If the same IP serves different certs for different SNI hostnames (SNI routing), this works. But if two configured hostnames share the same IP AND the same SNI target (e.g. CNAME to CDN), we get duplicate checks. Minor inefficiency, not a correctness bug. Ref: [issue #5](https://git.eeqj.de/sneak/dnswatcher/issues/5) item 4
clawbot added the bot label 2026-03-01 23:23:52 +01:00
sneak commented 2026-03-01 23:28:33 +01:00
Owner
Copy Link

WONTFIX

WONTFIX
sneak closed this issue 2026-03-01 23:28:33 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bot
Agent's turn to work
 merge-ready
All checks pass, reviewed, rebased, ready for merge
 needs-checks
make check does not pass cleanly
 needs-rebase
PR has merge conflicts or is behind main
 needs-review
Code review not yet done
 needs-rework
Code review found issues to fix
No Label bot
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
clawbot sneak
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: sneak/dnswatcher#56
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?